Re: [Shorewall-users] Shorewall 4.5.2

2012-04-12 Thread Tuomo Soini
On Wed, 11 Apr 2012 15:42:58 -0600 Orion Poplawski wrote: > +PERLLIBDIR=${PREFIX}/share/perl5 I think this should be ${PREFIX}/share/perl5/vendor_perl accodring fedora perl packaging guidelines. Only system perl installs to /usr/share/perl5. -- Tuomo Soini Foobar Linux services +358 40 52400

Re: [Shorewall-users] Problem with nat on a multiple isp configuration

2012-04-12 Thread Alessandro Faglia
On Thu, Apr 12, 2012 at 8:20 AM, Alessandro Faglia < alessandro.fag...@serioplast.com> wrote: > On Wed, Apr 11, 2012 at 5:35 PM, Tom Eastep wrote: > >> >> Have you looked at eth1 with tcpdump when doing this test? If you use >> the -e option (e.g., tcpdump -nei eth1 port 25 and host ) >> you can

Re: [Shorewall-users] Problem with nat on a multiple isp configuration

2012-04-12 Thread Tom Eastep
On 04/11/2012 11:20 PM, Alessandro Faglia wrote: > > For what I understand I shouldn't have any output from tcpdump, or is it > normal? Do you see routing issues? > That looks okay. Now try running tcpdump on eth4 while you are testing; do you see response packets being sent out of eth4 rather

Re: [Shorewall-users] Shorewall 4.4.26.1-1 on Ubuntu precise - NAT LOCALE not working

2012-04-12 Thread Tom Eastep
On 04/11/2012 09:30 PM, Petr Cervenka wrote: > Hi All, > > I had same setup on Lucid and everything works fine, now I moved to > precise and have same config files and one feature stopped working > > > X.X.196.79eth110.7.0.16YesYes > > But the machine (10.7.0.16) can not see it self via publi

Re: [Shorewall-users] Shorewall 4.4.26.1-1 on Ubuntu precise - NAT LOCALE not working

2012-04-12 Thread Petr Cervenka
Hi Well almost on working one i have lucid: shorewall 4.4.6-1 Current shorewall4.4.26.1-1 But kernel is different too. I am not sure if i am missing some options? ta > On 04/11/2012 09:30 PM, Petr Cervenka wrote: > > Hi All, > > > > I

Re: [Shorewall-users] Shorewall 4.4.26.1-1 on Ubuntu precise - NAT LOCALE not working

2012-04-12 Thread Tom Eastep
On 04/12/2012 06:30 AM, Petr Cervenka wrote: > Hi > > Well almost on working one i have lucid: > shorewall 4.4.6-1 > > Current > shorewall4.4.26.1-1 Those two releases were a year apart (and please don't top-post). > > > But kernel is dif

Re: [Shorewall-users] Shorewall 4.4.26.1-1 on Ubuntu precise - NAT LOCALE not working

2012-04-12 Thread Petr Cervenka
On Thursday, 12 April 2012 at 9:40 PM, Tom Eastep wrote: > On 04/12/2012 06:30 AM, Petr Cervenka wrote: > > Hi > > > > Well almost on working one i have lucid: > > shorewall 4.4.6-1 > > > > Current > > shorewall 4.4.26.1-1 > > > > > Those two releases were a year apart (and please don't

Re: [Shorewall-users] Shorewall 4.4.26.1-1 on Ubuntu precise - NAT LOCALE not working

2012-04-12 Thread Tom Eastep
On 04/12/2012 06:53 AM, Petr Cervenka wrote: > Here is my trace , i won't post it here , but here is link > : http://dl.dropbox.com/u/361686/trace I need to see the output of 'shorewall dump' rather than a trace; a trace is only useful when Shorewall fails to start. Thanks, -Tom -- Tom Eastep

Re: [Shorewall-users] Problem with nat on a multiple isp configuration

2012-04-12 Thread Alessandro Faglia
On Thu, Apr 12, 2012 at 3:19 PM, Tom Eastep wrote: > On 04/11/2012 11:20 PM, Alessandro Faglia wrote: > > > > > For what I understand I shouldn't have any output from tcpdump, or is it > > normal? Do you see routing issues? > > > > That looks okay. Now try running tcpdump on eth4 while you are te

Re: [Shorewall-users] Problem with nat on a multiple isp configuration

2012-04-12 Thread Tom Eastep
On 04/12/2012 07:10 AM, Alessandro Faglia wrote: > On Thu, Apr 12, 2012 at 3:19 PM, Tom Eastep > wrote: > > On 04/11/2012 11:20 PM, Alessandro Faglia wrote: > > > > > For what I understand I shouldn't have any output from tcpdump, or > is it > >

Re: [Shorewall-users] Shorewall 4.4.26.1-1 on Ubuntu precise - NAT LOCALE not working

2012-04-12 Thread Tom Eastep
On 04/12/2012 07:09 AM, Tom Eastep wrote: > On 04/12/2012 06:53 AM, Petr Cervenka wrote: > >> Here is my trace , i won't post it here , but here is link > >> : http://dl.dropbox.com/u/361686/trace > > I need to see the output of 'shorewall dump' rather than a trace; a > trace is only useful whe

Re: [Shorewall-users] Problem with nat on a multiple isp configuration

2012-04-12 Thread Alessandro Faglia
On Thu, Apr 12, 2012 at 4:15 PM, Tom Eastep wrote: > > Most likely it is a bug in the ancient version of Shorewall you are > running. You can try: > > - shorewall stop > - /etc/init.d/networking restart > - shorewall start > > and see if that fixes it. > OK I'll try as soon as I can and I'll let

Re: [Shorewall-users] Shorewall 4.5.2

2012-04-12 Thread Tom Eastep
On 04/11/2012 03:42 PM, Tom Eastep wrote: > On 4/11/12 2:42 PM, Orion Poplawski wrote: >> Also, /etc/shorewall{,6}-lite/Makefile probably should go in >> /usr/share/shorewall{,6}-lite. > > Done. I've decided to hold off on this last change until 4.5.3. I think it needs discussion on the developm

Re: [Shorewall-users] Shorewall 4.5.2

2012-04-12 Thread Orion Poplawski
On 04/12/2012 03:59 AM, Tuomo Soini wrote: > On Wed, 11 Apr 2012 15:42:58 -0600 > Orion Poplawski wrote: > >> +PERLLIBDIR=${PREFIX}/share/perl5 > > I think this should be ${PREFIX}/share/perl5/vendor_perl accodring > fedora perl packaging guidelines. > > Only system perl installs to /usr/share/per

Re: [Shorewall-users] Shorewall 4.5.2

2012-04-12 Thread Orion Poplawski
On 04/11/2012 03:42 PM, Orion Poplawski wrote: > On 04/10/2012 11:52 AM, Tom Eastep wrote: >> The Shorewall Team is pleased to announce the availability of Shorewall >> 4.5.2. >> >> 5) The evolution of the Shorewall installation process >> continues. Testers are invited to provide comments and sugg

Re: [Shorewall-users] Shorewall 4.5.2

2012-04-12 Thread Orion Poplawski
On 04/12/2012 08:52 AM, Tom Eastep wrote: > On 04/11/2012 03:42 PM, Tom Eastep wrote: >> On 4/11/12 2:42 PM, Orion Poplawski wrote: > >>> Also, /etc/shorewall{,6}-lite/Makefile probably should go in >>> /usr/share/shorewall{,6}-lite. >> >> Done. > > I've decided to hold off on this last change unti

Re: [Shorewall-users] Shorewall 4.5.2

2012-04-12 Thread Tom Eastep
On 4/12/12 8:40 AM, Orion Poplawski wrote: > On 04/12/2012 03:59 AM, Tuomo Soini wrote: >> On Wed, 11 Apr 2012 15:42:58 -0600 >> Orion Poplawski wrote: >> >>> +PERLLIBDIR=${PREFIX}/share/perl5 >> >> I think this should be ${PREFIX}/share/perl5/vendor_perl accodring >> fedora perl packaging guideli

Re: [Shorewall-users] Multiple internal interfaces

2012-04-12 Thread Tom Eastep
On 4/12/12 10:57 AM, Orion Poplawski wrote: here? > > I first thought it was the masq setting and so did: > > p2p2:!10.0.0.0/810.0.0.0/8 4.28.99.98 > > but it still routes it out p2p2: Entries in /etc/shorewall/masq *never* change the routing of a packet. > > 11:22:02.561155 IP 1

Re: [Shorewall-users] Multiple internal interfaces

2012-04-12 Thread Orion Poplawski
On 04/12/2012 12:11 PM, Tom Eastep wrote: > On 4/12/12 10:57 AM, Orion Poplawski wrote: > here? >> >> I first thought it was the masq setting and so did: >> >> p2p2:!10.0.0.0/810.0.0.0/8 4.28.99.98 >> >> but it still routes it out p2p2: > > Entries in /etc/shorewall/masq *never* change

Re: [Shorewall-users] Multiple internal interfaces

2012-04-12 Thread Tom Eastep
On 04/12/2012 11:21 AM, Orion Poplawski wrote: > On 04/12/2012 12:11 PM, Tom Eastep wrote: >> Looks like you forgot to add p1p1 to the COPY column in your providers file. > > Indeed. I'll have to try to remember that. Thanks! > Setting USE_DEFAULT_RT=Yes can eliminate that issue. Looks like y

Re: [Shorewall-users] Block service Skype with Shorewall

2012-04-12 Thread Paul Gear
On 29/03/12 07:58, I.S.C. William wrote: > I have a transparent squid proxy, together with shorewall firewall > version 4.4.25.3, my question is .. > How I can block the Skype service to my local network, but without > having to block port 80 and 443 are used for other sites and services. > I had t